In 2008 I had a conversation with Jay Tomlin asking him if he would put in an enhancement for ICA Logging on the AGEE. Basically we wanted the ability to see the external IP Addresses of our customers coming through the Access Gateway. As you are likely aware, what you get in the logs are the IP Addresses bound to the workstation and not the external IP Address that they are coming through. In the last ten years, it has become increasingly rare for an end user to actually plug their computer directly into the internet and more often, they are proxied behind a Netgear, Cisco/Linksys, or Buffalo switch. This makes reporting on where the users are coming from somewhat challenging. Somewhere between 9.2 and 9.3 the requested enhancement was added and it included other very nice metrics as well. The two syslog events I want to talk about are ICASTART and ICAEND. The ICASTART event contains some good information in addition to the external IP. Below you see a sample of the ICASTART log.

:14:40:46 GMT ns 0-PPE-0 : SSLVPN ICASTART 540963 0 : Source 192.168.1.98:62362 – Destination 192.168.1.82:2598 – username:domainname mhayes:Xentrifuge – applicationName Desktop – startTime “:14:40:46 GMT” – connectionId 81d1

As you can see, if you are a log monger, this is a VERY nice log!! (Few can appreciate this) With the exception of the credentials everything is very easy to parse and place into those nice SQL Columns I like. If you have Splunk, parsing is even easier and you don’t have to worry about how the columns line up.
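To show what "easy to parse and place into SQL columns" looks like in practice, here is an added example (my own code, not from the original post or from Citrix) that parses the ICASTART line above into named fields, handles the one awkward field (the username:domainname pair, whose label and value both contain a colon), and loads the result into an in-memory SQLite table so you can report on source addresses. The regex field names, the `seq` name for the first numeric field after ICASTART, and the extra sample lines are my own assumptions and constructions; the post does not say what the two numeric fields mean, and ICAEND is not parsed here because the post gives no sample of it.

```python
import re
import sqlite3
from typing import Optional

# Sample ICASTART line copied from the post. The date part of the timestamp
# was truncated in the source text, so only ":HH:MM:SS GMT" survives here.
SAMPLE_ICASTART = (
    ':14:40:46 GMT ns 0-PPE-0 : SSLVPN ICASTART 540963 0 : '
    'Source 192.168.1.98:62362 \u2013 Destination 192.168.1.82:2598 \u2013 '
    'username:domainname mhayes:Xentrifuge \u2013 applicationName Desktop \u2013 '
    'startTime ":14:40:46 GMT" \u2013 connectionId 81d1'
)

# Constructed extra lines (not from the post) so the SQL report has something
# to aggregate, plus one unrelated line the parser must skip.
CONSTRUCTED_LINES = [
    SAMPLE_ICASTART,
    ':14:42:10 GMT ns 0-PPE-0 : SSLVPN ICASTART 540964 0 : '
    'Source 192.168.1.98:62370 - Destination 192.168.1.82:2598 - '
    'username:domainname jdoe:Xentrifuge - applicationName Notepad - '
    'startTime ":14:42:10 GMT" - connectionId 81d2',
    ':14:45:03 GMT ns 0-PPE-0 : SSLVPN ICASTART 540965 0 : '
    'Source 198.51.100.23:50110 - Destination 192.168.1.82:2598 - '
    'username:domainname asmith:Xentrifuge - applicationName Desktop - '
    'startTime ":14:45:03 GMT" - connectionId 81d3',
    'constructed non-ICASTART syslog line that the parser must ignore',
]

# Field separator: the appliance emits " - ", but copy/paste from a web page
# often turns the hyphen into an en dash, so accept either.
_SEP = r"\s+[-\u2013]\s+"

ICASTART_RE = re.compile(
    # "seq" is my name for the first numeric field; the post does not define it.
    r"SSLVPN\s+ICASTART\s+(?P<seq>\d+)\s+\d+\s+:\s+"
    r"Source\s+(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)" + _SEP +
    r"Destination\s+(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+)" + _SEP +
    # The credential pair: the label "username:domainname" has a colon and so
    # does the value, which is why a naive split on ':' falls apart here.
    r"username:domainname\s+(?P<username>[^:\s]+):(?P<domain>\S+)" + _SEP +
    r"applicationName\s+(?P<app>.+?)" + _SEP +
    r'startTime\s+"(?P<start_time>[^"]*)"' + _SEP +
    r"connectionId\s+(?P<connection_id>\S+)\s*$"
)


def parse_icastart(line: str) -> Optional[dict]:
    """Return the ICASTART fields as a dict, or None if the line is not one."""
    m = ICASTART_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("seq", "src_port", "dst_port"):
        fields[key] = int(fields[key])
    return fields


SCHEMA = """
CREATE TABLE ica_sessions (
    seq INTEGER, src_ip TEXT, src_port INTEGER, dst_ip TEXT, dst_port INTEGER,
    username TEXT, domain TEXT, app TEXT, start_time TEXT, connection_id TEXT
)"""


def load_sessions(lines) -> sqlite3.Connection:
    """Parse every ICASTART line and insert it into an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rows = [r for r in (parse_icastart(l) for l in lines) if r is not None]
    conn.executemany(
        "INSERT INTO ica_sessions VALUES (:seq, :src_ip, :src_port, :dst_ip, "
        ":dst_port, :username, :domain, :app, :start_time, :connection_id)",
        rows,
    )
    conn.commit()
    return conn


def sessions_by_source(conn: sqlite3.Connection):
    """Session count per source address, most active first."""
    return conn.execute(
        "SELECT src_ip, COUNT(*) FROM ica_sessions "
        "GROUP BY src_ip ORDER BY COUNT(*) DESC, src_ip"
    ).fetchall()


if __name__ == "__main__":
    db = load_sessions(CONSTRUCTED_LINES)
    for ip, count in sessions_by_source(db):
        print(f"{ip:<16} {count}")
```

The parser anchors on the event keyword rather than on the timestamp, so it survives the truncated date in the quoted sample and works just as well on lines where the full date is present; anything that is not an ICASTART record simply returns None and is skipped when loading.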